lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <s5hd2qimhg2.wl%tiwai@suse.de>
Date:	Tue, 16 Jul 2013 21:29:49 +0200
From:	Takashi Iwai <tiwai@...e.de>
To:	David Lang <david@...g.hm>
Cc:	Takashi Iwai <tiwai@...e.de>, Willy Tarreau <w@....eu>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	ksummit-2013-discuss@...ts.linux-foundation.org,
	torvalds@...ux-foundation.org
Subject: Re: [Ksummit-2013-discuss] When to push bug fixes to mainline

At Tue, 16 Jul 2013 09:42:34 -0700 (PDT),
David Lang wrote:
> 
> On Tue, 16 Jul 2013, Takashi Iwai wrote:
> 
> > At Tue, 16 Jul 2013 00:19:16 -0700 (PDT),
> > David Lang wrote:
> >>
> >> On Fri, 12 Jul 2013, Willy Tarreau wrote:
> >>
> >>> And maybe in the end, having 1/10 patch cause a regression is not *that*
> >>> dramatic, and probably less than not fixing the 9 other bugs. In one case
> >>> we rely on -stable to merge the 10 fixes, and on the other case we'd rely
> >>> on -stable to just revert one of them.
> >>
> >> Apologies for the late post, I'm catching up on things, but this jumped out at
> >> me.
> >>
> >> We went through a LOT of pain several years ago when people got into the mindset
> >> that a patch was acceptable if it fixed more people than it broke. eliminating
> >> that mindset did wonders for kernel stability.
> >>
> >> Regressions are a lot more of a negative than bugfixes are a positive, a 10:1
> >> ratio of fixes to regressions is _not_ good enough.
> >
> > IMO, one of the reasons is the nature of stable-release: the stable
> > tree is released soon after reviews of patches, so no actual
> > regression tests can be done before the release.
> >
> > For finding a regression, patch reviews won't be enough; all patches
> > have been already reviewed, thus essentially they must be all
> > positive/good fixes.  And the compile is OK.  So what's the problem?
> >
> > Maybe some QA period before the release might help, but who would
> > care?  (Especially under the situation where everybody has own x.y
> > stable tree?)
> 
> I am not saying that no regressions will happen (for exactly the reasons that 
> you are giving).

I don't expect that no regression will happen, too.  I'm no dreamer:)
But I expect we can reduce the regressions, at least.

> what I am complaining about is the attitude that a few regressions are Ok, as 
> long as there are more fixes than there are regressions.

Agreed.  And this is the difficult point.  No one introduced
regressions at its will.  Mostly they are overlooked mistakes.
So, where is the border line and how to distinguish?  Can't we
backport uncritical fixes even if users want them explicitly?
I guess there seem different opinions on these.


thanks,

Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ